05-16-2006 08:04 PM
I've been getting a lot of calls on these lately. Why isn't Brightmail catching this stuff?
-S'ensationall revoolution in m'edicine!
-E'n'l'a'r'g'e your p''enis up to 10 cm or up to 4 inches!
-It's herbal solution what hasn't side effect, but has 100% guaranted results!
-Don't lose your chance and but know wihtout doubts, you will be impressed with results!
Clisk here: Link Removed for Security Reasons
There's some garbage words at the bottom, but this seems like your average, run-of-the-mill SPAM that should EASILY be blocked by Brightmail.
05-16-2006 11:00 PM
In 19 hours, brightmail marked as spam positive 27,540 of these for us; however, I do know some are still getting through.
As a side note, these people registered at least 1,212 domains that we know about - yesterday most of them resolved to www.veritas-productions.com now some of the same ones resolve to www.cheapmoresize.com.
I'll give them credit - they did spend money to do this - registering that many domains takes time and money.
A message filter that should do you is:
drop_enlargement: if (body-size <= 10240) and (body-contains("(?i)clisk here"))
{
drop();
}
And if your users can't spell click - darn.
05-17-2006 03:43 AM
I was cross with Brightmail on this one as it should have been dead easy for them to detect (despite the URL).
They did their homework (the spammers) on this one as it attacked heaps of DLs that were only displayed in closed group tender sites etc.
05-17-2006 11:17 PM
I'll give them credit - they did spend money to do this - registering that many domains takes time and money.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: